top of page

CLOUD INFRASTRUCTURE-AS-A-SERVICE (IaaS) PROTECTION AND SECURITY (AWS, Azure, and GCP)

security shared responsibility .png

Cedrus maintains relevant security skills and certifications in popular CSP technology stacks like AWS and Microsoft Azure.  Through our technical knowledge, and information security experience in the enterprise, Cedrus can assist your business in securing your cloud Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) subscriptions and configurations.

In many ways, the Cloud Service Providers (CSPs) are more secure than almost any business in the portions that they are responsible for, but being clear on the parts that your business owns and how to apply security properly is critical. As businesses relinquish control of physical data centers and system hardware, information security responsibilities in some areas are amplified because services that may now be accessible from anywhere have an increased level of exposure risk and more threat / attack vectors. 

 

In addition, each of the main Cloud service providers have slightly different naming conventions to describe similar capabilities and requirements.  At Cedrus, we understand the Information Security team’s desire to apply best practices as the vendor level, while also adhering to a centralized and standard set of controls across vendors.  A good reference point is the Shared Responsibility model.  The model below describes this in a general way, the major CSPs all have good documentation on the details and benefits of their particular approach to security.

CEDRUS CAN HELP

1. Architecture and Security Configuration Assessment:

 

Organizations are moving to the Cloud at a pace that does not align with traditional Information Security processes. Cloud security is a new and unique domain. Additionally, AWS Cloud Security experts are rare and hard to retain. Organizations often inherit AWS accounts from acquisitions or are home-grown by line of business. Cloud security requires specialized skills and knowledge to ensure that risk is mitigated properly. Many organizations struggle to dedicate the appropriate time and resources to these critical projects.

The service offering will focus on the following security epics:

  • Identity Access Management (IAM)

  • Data protection

  • Infrastructure protection

  • Detective controls

  • Incident response

 

The assessment process is conducted in three steps:

  • Discover: Inspect AWS accounts using industry tooling and interview account owners to identify vulnerabilities.

  • Assess: Review the security policies and procedures of the existing accounts against the AWS security pillar of the Well-Architected Framework and the Center for Internet Security (CIS) recommendations.

  • Report: Document a remediation plan and an approach for how to ensure that future AWS accounts are configured properly.

Ready to Get Started? Contact us!

 

2. Container Security:

 

More information coming soon!

Ready to Get Started? Contact us!

 

3. Cloud Security Posture Management (CSPM):

 

After an initial assessment of your security configuration is complete and remediation roadmap/plans are in place, Cedrus can enable an ongoing monitoring solution to make sure that your infrastructure configurations do not slip out of compliance.  This is a cornerstone for providing security on any CSP platform for any business leveraging IaaS or PaaS, but most valuable when:

  • The business has a multi-cloud strategy and wants to enforce similar controls across providers

  • The business has limited cloud native security experts to proactively review configurations and local events

  • The security posture scanning is leveraged in conjunction with:

    • Data Leakage Prevention (DLP) to prevent leaked keys from attackers

    • Shadow IT discovery capability to detect new subscriptions and ensure that they are brought into the standard approach to compliance

    • Cloud Identity services for Federation and Privileged Access Management (PAM) ensure that the CSP admin accounts are protected and actions are monitored

 

In addition to partnerships with the major CSPs, Cedrus partners with Netskope and Okta cloud security solution vendors to provide robust enterprise-ready cloud security for IaaS, PaaS, and SaaS.  Learn more about our partnerships here.

Ready to Get Started? Contact us!

bottom of page